How can I enforce a S3 policy to let only signed URL get objects?

0 votes

I can generate my signed urls the AWS-SDK node package, and I could confirm they work when my bucket is set as public.

However, I can't find where I can set the parameters mentioned here:

Restrict Bucket Access : Yes

Origin Access Identity : Use an Existing Identity

Restrict Viewer Access(Use Signed URLs) : Yes

Trusted Signers : Self

I do not use Cloudfront and it looks like Cloudfront specifics

Is there any way to set these up (or produce an equivalent behavior) using S3 only? i.e. bucket private by default, only urls signed by one of my IAM users can be served.

Oct 5, 2018 in AWS by eatcodesleeprepeat
• 4,670 points
385 views

1 answer to this question.

0 votes

You don't need to make a bucket public in order for signed URLs to work. That would entirely defeat the purpose of signed URLs.

and Make sure the IAM user that you are using to generate the pre-signed URL has permissions to read from the bucket.

answered Oct 5, 2018 by Priyaj
• 56,520 points

Related Questions In AWS

0 votes
1 answer
+1 vote
4 answers

Can a URL be directly uploaded to S3 using POST?

You can read this blog and get ...READ MORE

answered Oct 25, 2018 in AWS by chamunda
48 views
0 votes
1 answer

How do I write an S3 Object to a file?

While IOUtils.copy() and IOUtils.copyLarge() are great, I would prefer the old ...READ MORE

answered Jul 13, 2018 in AWS by Hammer
• 360 points
91 views
0 votes
1 answer
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
• 56,520 points
193 views
0 votes
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
• 56,520 points
349 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
• 5,560 points
246 views
0 votes
2 answers
0 votes
1 answer

How can I get current date in a CloudFormation script?

The advice by @Guy is correct, you ...READ MORE

answered Aug 29, 2018 in AWS by Priyaj
• 56,520 points
805 views
0 votes
1 answer

How to create a CloudFormation only AWS policy

The easiest way to achieve what you're ...READ MORE

answered Sep 26, 2018 in AWS by Priyaj
• 56,520 points
109 views